Ensuring proper use of a SITE and its pages...


by dwdc

Hello,

I am in the process of setting up a function to help with proper page  
navigation/processes and page access. Basically, the way I was hoping  
it could work is every time I load a page I would set a Last Page  
SESSION variable with the file name. Then when another page is  
targeted, I would refer to that session variable to make sure that the  
navigation is allowed and if the user's level allows access to the  
page (to guard against hacking, history, and bookmarks). If the two  
tests are not invoked, it would then reset the "LastPage" with that
current page. I am running into issues with using the BACK button and
history.

Bottom line is I want the $_SESSION['LastPage'] with the current page's
name regardless of how it's accessed. How do developers handle this?
The function is below:



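function Validate_Page_Nav($db, $CurrentPage, $LastPage, $ErrorPage) {

    // Look up the user levels allowed for this page. The URI is bound as a
    // parameter instead of being interpolated into the SQL string.
    // ($db is a mysqli connection; get_result() needs the mysqlnd driver.)
    $stmt = $db->prepare("SELECT User_Level FROM Page_Access WHERE URI = ?")
        or die("failed to get access data");
    $stmt->bind_param("s", $CurrentPage);
    $stmt->execute() or die("failed to get access data");
    $page_access = $stmt->get_result()->fetch_assoc();

    // A page with no Page_Access row allows no level at all.
    $URI_access = $page_access ? explode(",", $page_access['User_Level']) : array();

    // Build the redirect on one line; a header value cannot contain a newline.
    $error = "location: {$ErrorPage}?message=" . urlencode("Unable to update user information.");

    // The previous page recorded in the session must be the expected one.
    if ($_SESSION['Last_Page'] != $LastPage) {
        header($error);
        exit();
    }

    // The user's level must be listed for this page.
    if (!in_array($_SESSION['Staff_level'], $URI_access)) {
        header($error);
        exit();
    }

    $_SESSION['Last_Page'] = $CurrentPage;
}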


Thanks for any advice you can offer.

Don Wieland
D W   D a t a   C o n c e p t s

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: Ensuring proper use of a SITE and its pages...

by John Hicks

Don Wieland wrote:
> ... I am running into issues with using the BACK button and history.
>
> Bottom line is I want the $_SESSION['LastPage'] with the current page's
> name regardless of how it's accessed.

Using the "Back" button doesn't necessarily produce a new request to the
server.
If you want to track such visits at the server, I think the conventional
wisdom is to deliver a dummy page with a redirect to the real "payload"
page. I believe the redirect will be invoked regardless of whether the
dummy page was arrived at by the "Back" button or not.

(But frankly it's been a while since I fooled with this so I may be wrong.)

John
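
An added illustration, not code from either poster: the PHP below replays the two checks from Validate_Page_Nav over a constructed browsing sequence, showing that Last_Page goes stale when "Back" is answered from the browser cache, while the user-level check does not depend on it. The Page_Access contents, the ARRIVES_FROM rule table, the page names and the functions request() and replay() are assumptions made for the example.

```php
<?php
// Added example with constructed data: replays the two checks from
// Validate_Page_Nav to show what the server sees when "Back" is served
// from the browser cache.

// Constructed stand-in for the Page_Access table: URI => allowed levels.
const PAGE_ACCESS = ['list.php' => '1,2', 'edit.php' => '2', 'update.php' => '2'];
// Hypothetical navigation rule: page => page the user must arrive from.
const ARRIVES_FROM = ['edit.php' => 'list.php', 'update.php' => 'edit.php'];

// One request reaching the server: 'ok', 'denied' (level) or 'bad-nav'.
function request(array &$session, string $page): string {
    $allowed = array_key_exists($page, PAGE_ACCESS)
        ? explode(',', PAGE_ACCESS[$page]) : [];   // unknown page: nobody
    // Authorization never depends on navigation history, so it runs first.
    if (!in_array((string) $session['Staff_level'], $allowed, true)) {
        return 'denied';
    }
    $expected = array_key_exists($page, ARRIVES_FROM) ? ARRIVES_FROM[$page] : null;
    if ($expected !== null && ($session['Last_Page'] ?? null) !== $expected) {
        return 'bad-nav';
    }
    $session['Last_Page'] = $page;   // changes only when a request arrives
    return 'ok';
}

// Replays browser actions. A 'back' step is answered from cache, so
// request() never runs and Last_Page keeps its previous value.
function replay(array $session, array $steps): array {
    $log = [];
    foreach ($steps as [$action, $page]) {
        $log[] = $action === 'back'
            ? "back to $page: no request, Last_Page={$session['Last_Page']}"
            : "get $page: " . request($session, $page);
    }
    return $log;
}

// A level-2 user goes list -> edit, presses Back, then clicks edit again.
print_r(replay(['Staff_level' => 2], [
    ['get', 'list.php'], ['get', 'edit.php'], ['back', 'list.php'], ['get', 'edit.php'],
]));
// A level-1 user requests edit.php directly; the level check refuses it.
print_r(replay(['Staff_level' => 1], [['get', 'edit.php']]));
```

Run it with the PHP command-line interpreter (7.1 or later); no database or web server is needed.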

